Skip to Navigation
Skip to Main content
OIG Home
OIG Home

IN THIS SECTION

Skip SHARE THIS PAGE section Skip STAY CONNECTED section

Audit Highlights

The following are highlights of our work during the October 1, 2025–March 31, 2026, semiannual reporting period.


2025 Audit of the Board's Information Security Program
The Board's information security program decreased from a level-4 maturity (managed and measurable) to a level-3 maturity (consistently implemented), leading us to conclude that it is no longer effective.

2025 Audit of the CFPB's Information Security Program
The CFPB's information security program decreased from a level-4 maturity (managed and measurable) to a level-2 maturity (defined), leading us to conclude that it is no longer effective.

The CFPB Can Enhance Its Processes for Storing and Disposing of Its IT Asset Inventory
The CFPB maintains a large inventory of aging, unassigned IT assets and does not identify and dispose of these assets timely or store them in a defined manner.

The Board Should Enhance Its Ability to Monitor the Efficiency and Timeliness of Its Processing of Certain Banking Applications
Despite taking measures to increase efficiency and timeliness, the Board's processing times for certain banking applications increased from 2021 to 2024.

The Board Should More Effectively Manage and Secure Its Inventory of Unassigned Laptops and Hard Drives Ready for Disposal
The Board's inconsistent tracking and management of IT assets—including 677 uninventoried laptops worth over $1.4 million and 5 laptops remaining with former employees—creates an inefficient use of resources and a significant risk of data exfiltration, respectively.

RELATED INFORMATION

Audits FAQs

See common Audits questions and answers.

Audit Reports

View a sortable list of audits, evaluations, and other reviews.

LINKS TO THE BOARD AND THE CFPB

RELATED SITES AND RESOURCES